Saved in:
| Main Authors: | , , , , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2025
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2502.19405 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866929732783702016 |
|---|---|
| author | Arun, Arasu Arnaud, Adam St. Titov, Alexey Wilcox, Brian Kolobaric, Viktor Brinkmann, Marc Ersoy, Oguzhan Fielding, Ben Bonneau, Joseph |
| author_facet | Arun, Arasu Arnaud, Adam St. Titov, Alexey Wilcox, Brian Kolobaric, Viktor Brinkmann, Marc Ersoy, Oguzhan Fielding, Ben Bonneau, Joseph |
| contents | Machine learning programs, such as those performing inference, fine-tuning, and training of LLMs, are commonly delegated to untrusted compute providers. To provide correctness guarantees for the client, we propose adapting the cryptographic notion of refereed delegation to the machine learning setting. This approach enables a computationally limited client to delegate a program to multiple untrusted compute providers, with a guarantee of obtaining the correct result if at least one of them is honest. Refereed delegation of ML programs poses two technical hurdles: (1) an arbitration protocol to resolve disputes when compute providers disagree on the output, and (2) the ability to bitwise reproduce ML programs across different hardware setups, For (1), we design Verde, a dispute arbitration protocol that efficiently handles the large scale and graph-based computational model of modern ML programs. For (2), we build RepOps (Reproducible Operators), a library that eliminates hardware "non-determinism" by controlling the order of floating point operations performed on all hardware. Our implementation shows that refereed delegation achieves both strong guarantees for clients and practical overheads for compute providers. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2502_19405 |
| institution | arXiv |
| publishDate | 2025 |
| record_format | arxiv |
| spellingShingle | Verde: Verification via Refereed Delegation for Machine Learning Programs Arun, Arasu Arnaud, Adam St. Titov, Alexey Wilcox, Brian Kolobaric, Viktor Brinkmann, Marc Ersoy, Oguzhan Fielding, Ben Bonneau, Joseph Machine Learning Machine learning programs, such as those performing inference, fine-tuning, and training of LLMs, are commonly delegated to untrusted compute providers. To provide correctness guarantees for the client, we propose adapting the cryptographic notion of refereed delegation to the machine learning setting. This approach enables a computationally limited client to delegate a program to multiple untrusted compute providers, with a guarantee of obtaining the correct result if at least one of them is honest. Refereed delegation of ML programs poses two technical hurdles: (1) an arbitration protocol to resolve disputes when compute providers disagree on the output, and (2) the ability to bitwise reproduce ML programs across different hardware setups, For (1), we design Verde, a dispute arbitration protocol that efficiently handles the large scale and graph-based computational model of modern ML programs. For (2), we build RepOps (Reproducible Operators), a library that eliminates hardware "non-determinism" by controlling the order of floating point operations performed on all hardware. Our implementation shows that refereed delegation achieves both strong guarantees for clients and practical overheads for compute providers. |
| title | Verde: Verification via Refereed Delegation for Machine Learning Programs |
| topic | Machine Learning |
| url | https://arxiv.org/abs/2502.19405 |